fix: validate state for manual Chutes OAuth

src/commands/auth-choice.e2e.test.ts

@@ -1127,7 +1127,7 @@ describe("applyAuthChoice", () => {
 
     expect(text).toHaveBeenCalledWith(
       expect.objectContaining({
-        message: "Paste the redirect URL (or authorization code)",
+        message: "Paste the redirect URL",
       }),
     );
     expect(result.config.auth?.profiles?.["chutes:remote-user"]).toMatchObject({

src/commands/chutes-oauth.ts

@@ -156,7 +156,7 @@ export async function loginChutes(params: {
     await params.onAuth({ url });
     params.onProgress?.("Waiting for redirect URL…");
     const input = await params.onPrompt({
-      message: "Paste the redirect URL (or authorization code)",
+      message: "Paste the redirect URL",
       placeholder: `${params.app.redirectUri}?code=...&state=...`,
     });
     const parsed = parseOAuthCallbackInput(String(input), state);
@@ -176,7 +176,7 @@ export async function loginChutes(params: {
     }).catch(async () => {
       params.onProgress?.("OAuth callback not detected; paste redirect URL…");
       const input = await params.onPrompt({
-        message: "Paste the redirect URL (or authorization code)",
+        message: "Paste the redirect URL",
         placeholder: `${params.app.redirectUri}?code=...&state=...`,
       });
       const parsed = parseOAuthCallbackInput(String(input), state);

src/commands/oauth-flow.ts

@@ -17,8 +17,7 @@ export function createVpsAwareOAuthHandlers(params: {
   onAuth: (event: { url: string }) => Promise<void>;
   onPrompt: (prompt: OAuthPrompt) => Promise<string>;
 } {
-  const manualPromptMessage =
-    params.manualPromptMessage ?? "Paste the redirect URL (or authorization code)";
+  const manualPromptMessage = params.manualPromptMessage ?? "Paste the redirect URL";
   let manualCodePromise: Promise<string> | undefined;
 
   return {